Nytro Posted August 18, 2019 Report Posted August 18, 2019 AWS security tools Introduction The time that people were reluctant to use cloud services, seems behind us. Amazon Web Services or AWS is one of the big players now when it comes to cloud computing services. With everything that is big, it won't take long for security-minded people to notice and do some poking at it. This category of tools is focused in particular on some of the services provided by AWS. There are configuration auditing tools to scan the nodes itself, while other tools specifically scan the storage (S3 buckets). Usage AWS security tools are typically used for configuration audit and storage security testing. Users for these tools include pentesters, security professionals, system administrators. Tools AWSBucketDump (Amazon S3 bucket scanner) configuration audit, discovery of sensitive information, security assessment AWSBucketDump is a security tool to find interesting files in AWS S3 buckets that are part of Amazon cloud services. These storage containers may have interesting files, which a tool like AWSBucketDump can discover. Amazon S3 AWS Bucket Finder (AWS S3 bucket finder) data leak detection, penetration testing, security assessment The Bucket Finder tool can be a helpful tool during penetration testing and security assessments. It helps with the discovery of S3 buckets on the Amazon AWS cloud. Amazon S3 AWS Storage BuQuikker (find open AWS S3 buckets) data leak detection, security assessment BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets. Amazon S3 AWS Data leak Storage CloudSploit scans (AWS account scanner) configuration audit, IT audit, security assessment CloudSploit scans is an open source software project to test security risks related to an AWS account. It runs tests against your Amazon account and aims to discover any potential misconfigured setting or other risks. Account AWS Cloud security Credentials inSp3ctor (AWS S3 bucket and object discovery) penetration testing, security assessment, storage security testing Like other S3 bucket scanners, inSp3ctor helps to find valid storage buckets on Amazon's AWS platform. This can be useful for security assignments like penetration testing or see what information is available about a company. Another option is using it to see if any private data is leaking. Amazon S3 AWS Storage Prowler (AWS benchmark tool) compliance testing, security assessment, system hardening Prowler is a security tool to check systems on AWS against the related CIS benchmark. This benchmark provides a set of best practices for AWS. The primary usage for this tool is system hardening and compliance checking. AWS Configuration audit System audit Technical Audit s3-fuzzer (Amazon S3 bucket scanner) configuration audit, discovery of sensitive information, security assessment This fuzzing tool helps with discovering sensitive data in Amazon S3 buckets. S3 buckets are storage containers and may reveal data to unauthorized individuals. This tools helps with the discovery process. Amazon S3 AWS S3Scanner (AWS S3 bucket scanner) information gathering, information leak detection, penetration testing, storage security testing The aptly named S3Scanner is to be used to detect AWS S3 buckets. Discovered buckets are displayed, together with the related objects in the bucket. Amazon S3 AWS Storage Security Monkey (security monitoring tool) security monitoring Security Monkey monitors AWS and GCP accounts for policy changes and alerts on insecure configurations. Alerting AWS Security monitoring Teh S3 Bucketeers (AWS S3 bucket scanner) penetration testing, security assessment, storage security testing Tools like Teh S3 Bucketeers are valuable for doing reconnaissance and information gathering. They may be used during penetration tests and security assessments. The primary goal of these tools is to find S3 buckets that may lead to sensitive data stored on Amazon's storage service. Amazon S3 AWS Storage Zeus (AWS auditing and hardening tool) configuration audit, security assessment, self-assessment, system hardening Zeus is a tool to perform a quick security scan of an AWS environment. It helps to find missing security controls, so additional system hardening measures can be applied to systems. Audit System audit System hardening Technical Audit Other related category: Amazon S3 bucket scanners Missing a favorite tool in this list? Share a tool suggestion and we will review it. Sursa: https://linuxsecurity.expert/security-tools/aws-security-tools Quote
